General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221206-wvwjxaed9s

  • MD5

    7154a5f46e98fb0ce707e73613e1e069

  • SHA1

    7df1d61b71e6b30d41cccf06f9bc5057c66587db

  • SHA256

    ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0

  • SHA512

    fa065a89886292353d347bf507ba166e98f1a896d6d69eb049d164d4605c605ad6a12e82c1d2254a8f810cee60417204e4777f3b1e414a3d88b95499055c52bf

  • SSDEEP

    12288:zEfdieNsYHk31Qbgp1NvQu+0f5gwYqfhuaDYsKm0S6n:zL31QEp1hQ0fqwYqfqsNy

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @andriii_ff

  • C2

    176.124.220.67:30929

  • Attributes

    auth_value: 525a7ad8080b3552f2f7735af7644111

Targets

    • Target

      file.exe

    • Size

      2.4MB

    • MD5

      7154a5f46e98fb0ce707e73613e1e069

    • SHA1

      7df1d61b71e6b30d41cccf06f9bc5057c66587db

    • SHA256

      ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0

    • SHA512

      fa065a89886292353d347bf507ba166e98f1a896d6d69eb049d164d4605c605ad6a12e82c1d2254a8f810cee60417204e4777f3b1e414a3d88b95499055c52bf

    • SSDEEP

      12288:zEfdieNsYHk31Qbgp1NvQu+0f5gwYqfhuaDYsKm0S6n:zL31QEp1hQ0fqwYqfqsNy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting, T1064 (1)

  • Defense Evasion

    Scripting, T1064 (1)

  • Credential Access

    Credentials in Files, T1081 (1)

  • Collection

    Data from Local System, T1005 (1)

Tasks